Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.

If ComboFix detects an older version of itself, you will be asked to update the program.

ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.

Follow the prompts and click on Yes to continue scanning for malware.

If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.

When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.

Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Quote:

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.

In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

c:\windows\system32\scimon.dll <- this file

Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis in your next reply.

We will now remove that file along with a couple of other items detected by Eset.

We are now going to run ComboFix a different way.

Open Notepad by clicking Start > Run... and in the open box type: Notepad.exe
Press Ok, then copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.

Close your browser and disconnect from the Internet.

Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.

This will start ComboFix again and launch the script.

ComboFix may reboot your system when it finishes. This is normal.

A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.

Be sure to re-enable your anti-virus and other security programs after the scan is complete.

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

As long as everything is running ok after the above, we should be able to start the clean up and reinstall Java.

Please run this to check for anything else important that needs to be updated.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please run Combofix in Normal and just do a scan with it and post the log. I just need to make quite sure the infected file, scimon.dll, really has gone. Once that is checked and you have completed all the steps below we just have to clean up the tools used.

STEP 2: Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 8

NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.

Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

You will now see a page similar to this one:

All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

STEP 3: How to install the latest version of Java.

Open the browser that you normally use and click on this link: Java Download

Click on the big red button Free Java Download

On the next page click on the big red button Agree and Start Free Download

Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.

When the Welcome to Java window appears click on Install.

It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.

If any error messages appear click on OK and then click on the Agree and start free download button again.

Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.

NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.

You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.

If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.

The Installation is now complete, please reboot the system.

NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

STEP 4: Internet Explorer
Your Internet Explorer is out of date, the latest version for XP has a better level of security which helps to stop malicious software from reaching your PC. Internet Explorer 8 for Windows XP

I'm not sure why, but I can't get ComboFix to work in normal mode. After the "it may take 20 minutes to run/double for badly infected computers" text it does nothing. I left it running for half a day, no change. I disabled my antivirus while off the internet, but I'm not sure if I really disabled it or if there's some other measure of AV running that I'm not sure about or what... but CF wouldn't run past the prompt. I did follow through on the steps posted though...
I mean... I couldn't run ComboFix in normal mode to scan for scimon.dll, but I did get through steps 1-4.

I guess I must have been half asleep when I looked at the last Combofix log as it clearly shows at the top that the file in question was removed. It is a bit odd that it will not run now, but could be due to your Anti Virus, usually it will warn you if the Anti Virus is still active.

Please try and run it again and if it won't run then delete the icon on your desktop and download a fresh copy and try again.

Double click icon to start the program. If you are using Vista or Windows 7, please right-click and choose Run as Administrator.

Then Click the big button.

You will get a prompt saying "Begin Cleanup Process". Please select Yes.

Restart your computer when prompted.

-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.
